CVE-2018-1313

In Apache Derby 10.3.1.4 to 10.14.1.0, a specially-crafted network packet can be used to request the Derby Network Server to boot a database whose location and contents are under the user's control. If the Derby Network Server is not running with a Java Security Manager policy file, the attack is...

MGASA-2018-0218 Updated java-1.8.0-openjdk packages fix security vulnerabilities

OpenJDK: incorrect handling of Reference clones can lead to sandbox bypass Hotspot, 8192025 CVE-2018-2814 OpenJDK: unrestricted deserialization of data from JCEKS key stores Security, 8189997 CVE-2018-2794 OpenJDK: insufficient consistency checks in deserialization of multiple classes Security,...

OpenJDK: insufficient consistency checks in deserialization of multiple classes (Security, 8189977)

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: Security. Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated attacker wi...

java-1.7.0-openjdk security update

1:1.7.0.181-2.6.14.1.0.1 - Update DISTRONAME in specfile 1:1.7.0.181-2.6.14.1 - Fix invalid license 'LGPL+' should be LGPLv2+ for ECC code and add missing ones - Resolves: rhbz1559766 1:1.7.0.181-2.6.14.0 - Bump to 2.6.14 and u181b00. - Drop 8197981 Zero 32-bit patch now applied upstream. - Updat...

OpenJDK: RMI HTTP transport enabled by default (RMI, 8193833)

Vulnerability in the Java SE, JRockit component of Oracle Java SE subcomponent: RMI. Supported versions that are affected are Java SE: 6u181, 7u171 and 8u162; JRockit: R28.3.17. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to...

OpenJDK: unrestricted deserialization of data from JCEKS key stores (Security, 8189997)

Vulnerability in the Java SE, JRockit component of Oracle Java SE subcomponent: Security. Supported versions that are affected are Java SE: 6u181, 7u171, 8u162, 10 and JRockit: R28.3.17. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Java...

JDK: unspecified vulnerability fixed in 8u171 and 10.0.1 (Install)

Vulnerability in the Java SE component of Oracle Java SE subcomponent: Install. Supported versions that are affected are Java SE: 8u162 and 10. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Java SE executes to compromise Java SE...

OpenJDK: RMI HTTP transport enabled by default (RMI, 8193833)

Vulnerability in the Java SE, JRockit component of Oracle Java SE subcomponent: RMI. Supported versions that are affected are Java SE: 6u181, 7u171 and 8u162; JRockit: R28.3.17. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to...

Security update for java-1_7_0-openjdk (important)

This update for java-170-openjdk fixes the following issues: Security issues fixed in OpenJDK 7u171 January 2018 CPUbsc1076366: - CVE-2018-2579: Improve key keying case - CVE-2018-2588: Improve LDAP logins - CVE-2018-2599: Improve reliability of DNS lookups - CVE-2018-2602: Improve usage messages...

SUSE-SU-2018:0663-1 Security update for java-1_8_0-openjdk

This update for java-180-openjdk fixes the following issues: Security issues fix in jdk8u161 icedtea 3.7.0bsc1076366: - CVE-2018-2579: Improve key keying case - CVE-2018-2582: Better interface invocations - CVE-2018-2588: Improve LDAP logins - CVE-2018-2599: Improve reliability of DNS lookups -...

SUSE-SU-2018:0665-1 Security update for java-1_8_0-ibm

This update for java-180-ibm fixes the following issues: - Removed java-180-ibm-alsa and java-180-ibm-plugin entries in baselibs.conf due to errors in osc sourcevalidator Version update to 8.0.5.10 bsc1082810 Security fixes: CVE-2018-2639 CVE-2018-2638 CVE-2018-2633 CVE-2018-2637 CVE-2018-2634...

OpenJDK: use of global credentials for HTTP/SPNEGO (JGSS, 8186600)

The JGSS component of OpenJDK ignores the value of the javax.security.auth.useSubjectCredsOnly property when using HTTP/SPNEGO authentication and always uses global credentials. It was discovered that this could cause global credentials to be unexpectedly used by an untrusted Java application...

OpenJDK: use of global credentials for HTTP/SPNEGO (JGSS, 8186600)

The JGSS component of OpenJDK ignores the value of the javax.security.auth.useSubjectCredsOnly property when using HTTP/SPNEGO authentication and always uses global credentials. It was discovered that this could cause global credentials to be unexpectedly used by an untrusted Java application...

MGASA-2018-0104 Updated java-1.8.0-openjdk packages fix security vulnerability

Multiple flaws were found in the Hotspot and AWT components of OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions CVE-2018-2582, CVE-2018-2641. It was discovered that the LDAPCertStore class in the JNDI component of OpenJDK failed to...

Unspecified Vulnerability in Oracle Java SE, Java SE Embedded and Jrockit (CNVD-2018-02240)

Oracle Java SE, Java SE Embedded, and JRockit are products of Oracle Corporation. Java SE Java Platform Standard Edition is used to develop and deploy Java applications for desktops, servers, and embedded devices and real-time environments; Java SE Embedded is a Java platform for developing...

SUSE-SU-2018:0005-1 Security update for java-1_7_0-openjdk

This update for java-170-openjdk fixes the following issues: Security issues fixed: - CVE-2017-10356: Fix issue inside subcomponent Security bsc1064084. - CVE-2017-10274: Fix issue inside subcomponent Smart Card IO bsc1064071. - CVE-2017-10281: Fix issue inside subcomponent Serialization...

SUSE-SU-2017:3440-1 Security update for java-1_7_1-ibm

This update for java-171-ibm fixes the following issues: CVE-2017-10349: 'Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: Serialization. Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit:...

SUSE-SU-2017:3369-1 Security update for java-1_6_0-ibm

This update for java-160-ibm fixes the following issues: Security issues fixed: - Security update to version 6.0.16.50 bsc1070162 CVE-2017-10346 CVE-2017-10285 CVE-2017-10388 CVE-2017-10356 CVE-2017-10293 CVE-2016-9841 CVE-2017-10355 CVE-2017-10357 CVE-2017-10348 CVE-2017-10349 CVE-2017-10347...

OpenJDK: weak protection of key stores against brute forcing (Security, 8181692)

It was discovered that the Security component of OpenJDK generated weak password-based encryption keys used to protect private keys stored in key stores. This made it easier to perform password guessing attacks to decrypt stored keys if an attacker could gain access to a key store...

OpenJDK: JAR verifier incorrect handling of missing digest (Security, 8169392)

Vulnerability in the Java SE component of Oracle Java SE subcomponent: Security. Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successfu...